From 9ab7dd179f034fcb1ffae13fef54637a901a2665 Mon Sep 17 00:00:00 2001 From: johnsmyth Date: Mon, 18 Mar 2024 09:56:29 -0500 Subject: [PATCH] Updates v0.22.1 (#180) * docs: add doc for STEAMPIPE_DATABASE_SSL_PASSWORD env var (#177) * edits for STEAMPIPE_DATABASE_SSL_PASSWORD --------- Co-authored-by: Brahim Boukoufallah --- docs/managing/service.md | 11 +++++----- docs/reference/env-vars/overview.md | 3 ++- .../env-vars/steampipe_database_password.md | 4 ++-- .../steampipe_database_ssl_password.md | 21 +++++++++++++++++++ docs/sidebar.json | 1 + 5 files changed, 32 insertions(+), 8 deletions(-) create mode 100644 docs/reference/env-vars/steampipe_database_ssl_password.md diff --git a/docs/managing/service.md b/docs/managing/service.md index 65ac361..c7e9efb 100644 --- a/docs/managing/service.md +++ b/docs/managing/service.md @@ -12,7 +12,8 @@ Alternatively, you can run Steampipe in service mode. Running `steampipe servic ## Starting the database in service mode When you run `steampipe service start`, Steampipe will start in service mode. Steampipe prints connection information to the console that you can use in connection strings for your application or 3rd party tools: -``` + +```bash $ steampipe service start Steampipe service is running: @@ -30,10 +31,10 @@ Managing the Steampipe service: # Get status of the service steampipe service status - + # Restart the service steampipe service restart - + # Stop the service steampipe service stop @@ -66,10 +67,10 @@ Managing the Steampipe service: # Get status of the service steampipe service status - + # Restart the service steampipe service restart - + # Stop the service steampipe service stop diff --git a/docs/reference/env-vars/overview.md b/docs/reference/env-vars/overview.md index 0684acd..59ed5ea 100644 --- a/docs/reference/env-vars/overview.md +++ b/docs/reference/env-vars/overview.md @@ -24,6 +24,7 @@ Note that plugins may also support environment variables, but these are plugin-s | [STEAMPIPE_CLOUD_HOST](reference/env-vars/steampipe_cloud_host) | `pipes.turbot.com` | Set the Turbot Pipes host, for connecting to Turbot Pipes workspace. DEPRECATED - Use [`PIPES_HOST`](/docs/reference/env-vars/pipes_host) | [STEAMPIPE_CLOUD_TOKEN](reference/env-vars/steampipe_cloud_token) | | Set the Turbot Pipes authentication token for connecting to Turbot Pipes workspace. DEPRECATED - Use [`PIPES_TOKEN`](/docs/reference/env-vars/pipes_token). | [STEAMPIPE_DATABASE_PASSWORD](reference/env-vars/steampipe_database_password)| randomly generated | Set the steampipe database password for this session. This variable must be set when the steampipe service starts. +| [STEAMPIPE_DATABASE_SSL_PASSWORD](reference/env-vars/steampipe_database_ssl_password)| | Set the passphrase used to decrypt the private key for your custom SSL certificate. By default, Steampipe generates a certificate without a passphrase; you only need to set this variable if you use a custom certificate that is protected by a passphrase. | [STEAMPIPE_DATABASE_START_TIMEOUT](reference/env-vars/steampipe_database_start_timeout)| `30` | Set the maximum time (in seconds) to wait for the Postgres process to start accepting queries after it has been started. | [STEAMPIPE_DIAGNOSTIC_LEVEL](reference/env-vars/steampipe_diagnostic_level)| `NONE` | Sets the diagnostic level. Supported levels are `ALL`, `NONE`. | [STEAMPIPE_INSTALL_DIR](reference/env-vars/steampipe_install_dir)| `~/.steampipe` | The directory in which the Steampipe database, plugins, and supporting files can be found. @@ -41,4 +42,4 @@ Note that plugins may also support environment variables, but these are plugin-s | [STEAMPIPE_TELEMETRY](reference/env-vars/steampipe_telemetry) | `info` | Set the level of telemetry data to collect and send. | [STEAMPIPE_UPDATE_CHECK](reference/env-vars/steampipe_update_check)| `true` | Enable/disable automatic update checking. | [STEAMPIPE_WORKSPACE](reference/env-vars/steampipe_workspace) | `default` | Set the Steampipe workspace . This can be named workspace from `workspaces.spc` or a remote Turbot Pipes workspace -| [STEAMPIPE_WORKSPACE_DATABASE](reference/env-vars/steampipe_workspace_database) | `local` | Workspace database. This can be `local` or a remote Turbot Pipes database. \ No newline at end of file +| [STEAMPIPE_WORKSPACE_DATABASE](reference/env-vars/steampipe_workspace_database) | `local` | Workspace database. This can be `local` or a remote Turbot Pipes database. diff --git a/docs/reference/env-vars/steampipe_database_password.md b/docs/reference/env-vars/steampipe_database_password.md index 76ce7a5..03a0659 100644 --- a/docs/reference/env-vars/steampipe_database_password.md +++ b/docs/reference/env-vars/steampipe_database_password.md @@ -6,12 +6,12 @@ sidebar_label: STEAMPIPE_DATABASE_PASSWORD # STEAMPIPE_DATABASE_PASSWORD -Sets the steampipe database password for this session. By default, steampipe creates a random, unique password for the `steampipe` user. To use a different password, set the `STEAMPIPE_DATABASE_PASSWORD` variable and start the steampipe service. +Sets the Steampipe database password for this session. By default, steampipe creates a random, unique password for the `steampipe` user. To use a different password, set the `STEAMPIPE_DATABASE_PASSWORD` variable and start the steampipe service. Note the following: - Steampipe sets the `steampipe` user password when the database starts, thus this variable must be set when the steampipe service starts. - If the `--database-password` is passed to `steampipe service start`, it will override this environment variable. -- Setting `STEAMPIPE_DATABASE_PASSWORD` (or passing the `--database-password` argument) sets the password for the current service instance only - it does not permanently change the steampipe password. You can permanently change the default password by editing the `~/.steampipe/internal/.passwd`. Deleting this file will result in a new random password being generated the next time steampipe starts. +- Setting `STEAMPIPE_DATABASE_PASSWORD` (or passing the `--database-password` argument) sets the password for the current service instance only - it does not permanently change the steampipe password. You can permanently change the default password by editing the `~/.steampipe/internal/.passwd`. Deleting this file will result in a new random password being generated the next time Steampipe starts. - Both `steampipe` and `root` can login from the local host ([`samehost` in the `pg_hba.conf` file](https://www.postgresql.org/docs/14/auth-pg-hba-conf.html)) without a password, regardless of the `STEAMPIPE_DATABASE_PASSWORD` value. diff --git a/docs/reference/env-vars/steampipe_database_ssl_password.md b/docs/reference/env-vars/steampipe_database_ssl_password.md new file mode 100644 index 0000000..c60a651 --- /dev/null +++ b/docs/reference/env-vars/steampipe_database_ssl_password.md @@ -0,0 +1,21 @@ +--- +title: STEAMPIPE_DATABASE_SSL_PASSWORD +sidebar_label: STEAMPIPE_DATABASE_SSL_PASSWORD +--- + + +# STEAMPIPE_DATABASE_SSL_PASSWORD + +Sets the `server.key` passphrase. By default, Steampipe generates a certificate without a passphrase; you only need to set this variable if you use a custom certificate that is protected by a passphrase. + +To use a custom certificate with a passphrase: +- `STEAMPIPE_DATABASE_SSL_PASSWORD` must be set when you start Steampipe. +- The `server.key` content **must** contain [Proc-Type](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.1) and [DEK-Info](https://datatracker.ietf.org/doc/html/rfc1421#section-4.6.1.3) headers. + +## Usage +Start the Steampipe service with a custom password: + +```bash +export STEAMPIPE_DATABASE_SSL_PASSWORD=MyPassPhrase +steampipe service start +``` \ No newline at end of file diff --git a/docs/sidebar.json b/docs/sidebar.json index bd3cee1..b6ba871 100644 --- a/docs/sidebar.json +++ b/docs/sidebar.json @@ -192,6 +192,7 @@ "reference/env-vars/steampipe_cloud_host", "reference/env-vars/steampipe_cloud_token", "reference/env-vars/steampipe_database_password", + "reference/env-vars/steampipe_database_ssl_password", "reference/env-vars/steampipe_database_start_timeout", "reference/env-vars/steampipe_diagnostic_level", "reference/env-vars/steampipe_install_dir",